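# Rebuilds the host's IPv4 filter rules: INPUT is flushed and repopulated,
# FORWARD gets its two accept rules, and the default policies are set last.
# The ipsets "defaultset" and "blacklistset" must exist before this runs;
# iptables rejects a --match-set rule that names a set it cannot find.
# NOTE(review): only iptables (IPv4) is configured by these lines; confirm
# whether IPv6 is filtered elsewhere.

printf 'Flushing existing iptables rules...\n\n'
# Only INPUT is flushed. On a re-run the INPUT policy is already DROP (set
# near the end of this script), so inbound packets are dropped between this
# flush and the ESTABLISHED rule below; TCP retransmission normally carries
# an open SSH session across that short gap.
iptables -F INPUT

###### INPUT chain ######
#
printf 'Setting up INPUT chain ...\n\n'
# Return traffic of tracked connections, and everything on loopback.
# NOTE(review): "-m state" is the legacy spelling of "-m conntrack --ctstate".
# RELATED is not accepted, so ICMP errors tied to an existing flow are subject
# to the DROP policy; consider whether that is intended.
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Ports that have to be open during the deployment phase.
# NOTE(review): these rules carry no source restriction, so every port listed
# is reachable from any address that can route to this host. 2379, 3306, 6379
# and 9200 are the conventional ports of etcd, MySQL, Redis and Elasticsearch
# (confirm what actually listens there). Services of that kind are normally
# limited to trusted peers, e.g. with "-s <trusted-cidr>" or through
# defaultset, and the rules removed once deployment is finished.
for deploy_port in 30080 62210 8800 8086 9000 9001 2379 3306 6379 9200; do
  iptables -A INPUT -p tcp --dport "$deploy_port" -j ACCEPT
done

# SSH is accepted from any source address; this rule is what keeps remote
# administration possible once the INPUT policy becomes DROP.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Traffic matching defaultset is accepted. How "src,dst" is applied depends
# on the set's type -- TODO confirm against the ipset definition.
iptables -A INPUT -m set --match-set defaultset src,dst -j ACCEPT
# -I inserts at position 1, so blacklisted sources are dropped before any of
# the ACCEPT rules above is consulted, including ESTABLISHED and SSH.
iptables -I INPUT -m set --match-set blacklistset src -j DROP
###### OUTPUT chain ######
#
#echo "Setting up OUTPUT chain ..."

### state tracking rules
#iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o lo -j ACCEPT

###### FORWARD chain ######
#
printf 'Setting up FORWARD chain ...\n\n'

# FORWARD is never flushed by this script, so a plain -A would stack one more
# copy of each rule on every run. -C tests for an identical rule first and the
# append happens only when it is absent; an existing rule keeps its position.
# The 2>/dev/null hides only the expected "no such rule" message from -C.
iptables -C FORWARD -m state --state ESTABLISHED -j ACCEPT 2>/dev/null \
  || iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
iptables -C FORWARD -m set --match-set defaultset src,dst -j ACCEPT 2>/dev/null \
  || iptables -A FORWARD -m set --match-set defaultset src,dst -j ACCEPT

# POSTROUTING
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#saas
#iptables -t nat -A PREROUTING -p udp -m udp --match multiport --dports 30000:50010  -j DNAT --to-destination 40.73.89.163
########## close door #########
# Default-deny for inbound and forwarded traffic; outbound stays unrestricted.
# The policies are set after the ACCEPT rules so that SSH and established
# sessions are already permitted when DROP takes effect.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

########## SPALite #########
#iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o ens33 -j MASQUERADE
#iptables -t nat -A PREROUTING -d 124.193.68.154/32 -p tcp -m tcp --dport  5601 -j DNAT --to-destination 192.168.2.193:5601

# NOTE(review): this message is printed whether or not the iptables calls
# above succeeded; check the error output before trusting it.
printf 'Setting iptables default OK ...\n\n'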

### EOF ###
